WHAT IS CLAIMED IS:

1. A system for providing public key infrastructure security
in a wide area computer network comprising: 

a user terminal coupled to the computer network including 
a client system; 

a private key, and a public key assigned to a user when the 
user registers with the system using the user terminal; 

a database remote from the user terminal for securely 
storing the private key and the public key; 

a server system remote from the user terminal and coupled 
to the computer network including a computer executable code for 
performing a cryptographic function as a user transaction data on 
behalf of the user. 

2. The system of claim 1, further comprising a plurality of 
security device transaction data stored in the database, wherein each 
security device transaction data is related to a respective user. 

3. The system of claim 1, wherein the private key is encrypted 
when it is stored in the database. 

4. The system of claim 2, wherein a respective security device 
transaction data related to a user is loaded into the cryptographic 
device when the user requests a service. 

5. The system of claim 1, wherein the server system includes 
a cryptographic device to authenticate the identity of the user and 
verify that the identified user is authorized to assume a role and 
perform a corresponding operation. 

6. The system of claim 5, wherein the assumed role is a 
security officer role to initiate a key management function. 

7. The system of claim 5, wherein the assumed role is an
administrator role to manage a user access control database. 

8. The system of claim 5, wherein the assumed role is a 
provider role to withdraw from a user account. 

9. The system of claim 5, wherein the assumed role is a user 
role to operate on a value bearing item. 

10. The system of claim 5, wherein the assumed role is a 
certificate authority role to allow a public key certificate to be 
loaded and verified. 

11. The system of claim 5, wherein the cryptographic device 
includes a computer executable code for supporting multiple 
concurrent users and maintaining a separation of roles and operations 
performed by each user. 

12. The system of claim 5, wherein the cryptographic device 
stores information about a number of last transactions in a 
respective internal register. 

13. The system of claim 12, wherein the database stores a table
including the respective information about a last transaction, a 
verification module to compare the information saved in the device 
with the information saved in the database. 

14. The system of claim 1, further comprising a digital 
certificate stored in the database and assigned to a user when the 
user registers with the system. 

15. The system of claim 1, wherein the cryptographic function 
is digitally signing a certificate. 

16. The system of claim 1, wherein the cryptographic function
is encrypting data. 

17. The system of claim 1, wherein the cryptographic function
is decrypting data. 

18. The system of claim 1, wherein the database includes a user 
profile for the user. 

19. The system of claim 18, wherein the user profile includes 
username, user role, password, logon failure count, logon failure
limit, logon time-out limit, account expiration, password expiration,
and password period.

20. The system of claim 5, wherein the cryptographic device is 
capable of performing one or more of Rivest, Shamir and Adleman (RSA) 
public key encryption, DES, Triple-DES, DSA signature, SHA-1, and 
Pseudo-random number generation algorithms.

21. The system of claim 5, wherein the cryptographic device 
stores information about a number of last transactions in an internal
register and compares the information saved in the register with the 
information saved in a memory before loading a new transaction data. 

22. A method for providing public key infrastructure security
in a wide area computer network comprising the steps of: 

assigning a private key and a public key certificate to a 
user when the user registers with the system using a user terminal 
coupled to the computer network; 

storing the private key and the public key in a database
remote from the user terminal; and 

performing a cryptographic function as a user transaction
data on behalf of the user utilizing the stored private key. 

23. The method of claim 22, further comprising the step of
storing a digital certificate and assigning the stored digital 
certificate to a user when the user registers with the system. 

24. The method of claim 22, further comprising the step of 
storing a plurality of security device transaction data in the 
database, wherein each transaction data is related to one of a 
plurality of users.

25. The method of claim 24, further comprising the step of 
loading a security device transaction data related to a user into one 
of the one or more of cryptographic devices when the user requests to 
operate on a value bearing item. 

26. The method of claim 25, further comprising the step of
verifying that the requesting user is authorized to assume a role and 
to perform a corresponding operation. 

27. The method of claim 26, wherein the assumed role is an
administrator role to manage a user access control. 

28. The method of claim 26, wherein the assumed role is a user 
role to perform expected IBIP postal meter operations. 

29. The method of claim 26, wherein the assumed role is a 
certificate authority role to allow a public key certificate to be
loaded and verified. 

30. The method of claim 26, further comprising the steps of
supporting multiple concurrent operators and maintaining a separation 
of roles and operations performed by each operator. 

31. The method of claim 22, further comprising the steps of: 
storing information about a number of last transactions in
a respective internal register of each of the one or more
cryptographic devices;

storing a table including the information about a last
transaction in the database;

comparing the information saved in the respective device
with the respective information saved in the database; and

loading a new transaction data if the respective
information stored in the device compares with the respective
information stored in the database.

32. The method of claim 22, wherein the cryptographic function 
is digitally signing a certificate. 

33. The method of claim 22, wherein the cryptographic function 
is encrypting data. 

34. The method of claim 22, wherein the cryptographic function 
is decrypting data. 

35. The method of claim 22, further comprising the step of 
storing a user profile for a plurality of users. 

36. The method of claim 35, wherein the user profile includes 
username, user role, password, logon failure count, logon failure
limit, logon time-out limit, account expiration, password expiration,
and password period.

37. The method of claim 22, wherein the cryptographic function 
is one or more of Rivest, Shamir and Adleman (RSA) public key 
encryption, DES, Triple-DES, DSA signature, SHA-1, and Pseudo-random 
number generation algorithms.